=====================================================================
CERT-Renater Information Note No. 2025/VULN793
_____________________________________________________________________

DATE : 13/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OFBiz versions prior to 24.09.03.
=====================================================================

https://lists.apache.org/thread/ljyck5h1nl2o5hbgsdk971yt8mftosrm
https://lists.apache.org/thread/m4cb0tbcg4c56640q4obbyz0zdj0kxg2
_____________________________________________________________________

CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload

Severity: important

Affected versions:

- Apache OFBiz before 24.09.03

Description:

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Credit:

RedHive Team (security@hive.red) https://hive.red/en/ (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-24.09.03.html
https://issues.apache.org/jira/browse/OFBIZ-13292
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-59118
_____________________________________________________________________

CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting

Severity: important

Affected versions:

- Apache OFBiz before 24.09.03

Description:

Reflected cross-site scripting vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Credit:

RedHive Team (security@hive.red) https://hive.red/en/ (finder)

References:

https://issues.apache.org/jira/browse/OFBIZ-13295
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-24.09.03.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-61623

=========================================================
+ CERT-RENATER      | tel : 01-53-94-20-44             +
+ 23/25 Rue Daviel  | fax : 01-53-94-20-41             +
+ 75013 Paris       | email: cert@support.renater.fr   +
=========================================================